oss-sec mailing list archives

Re: CVE-Request: squid pinger remote DoS


From: cve-assign () mitre org
Date: Mon, 22 Sep 2014 02:08:57 -0400 (EDT)

I made a fix for squid 3.4.6 and request a CVE for
this issue:

The pinger code that checks for nodes being alive doesn't
properly validate ICMP and ICMPv6 replies, in particular
icmp6 types which are used to index into a string array.
This could cause crashes when the index is OOB.

A patch is available here:

https://bugzilla.novell.com/show_bug.cgi?id=891268

I also made some cleanups and error checking on the
receive socket.


From: Amos Jeffries <squid3 () treenet co nz>

What could happen worst-case (#1 or #3 ... flooding the parent
processes log, slowing the entire service down and/or exhausting log
disk space, which in turn can crash the parent process. ... The
best-case being that some HTTP servers are assigned incorrect RTT
values. Which adversely affects latency based routing logics ...


As far as we can tell, CVE IDs are required for cases #1 and #3:

1. "used to index into a string array" possibly corresponds to
http://cwe.mitre.org/data/definitions/129.html for the modified
default case after case 136, and approximately two other places in the
patch

Use CVE-2014-7141.


3. added "if (preply.psize) < 0" code apparently corresponds to a more
general issue with missing data validation

Use CVE-2014-7142.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
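The two defects this thread assigns CVE-2014-7141 and CVE-2014-7142 to, an ICMPv6 type used as an unchecked index into a name table and a reply size accepted without validation, shown as an added C example that is not squid's code or the patch; the table contents, the `ping_reply` struct and the `icmp6_type_name` / `validate_reply` names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed name table indexed directly by ICMPv6 type (only the low types). */
static const char *const icmp6_names[] = {
    "Reserved",                 /* 0 */
    "Destination Unreachable",  /* 1 */
    "Packet Too Big",           /* 2 */
    "Time Exceeded",            /* 3 */
    "Parameter Problem",        /* 4 */
};
#define ICMP6_NAME_COUNT (sizeof icmp6_names / sizeof icmp6_names[0])

/* Unchecked lookup, shown only for contrast: a type of 5 or more, or a
 * negative one, reads past the table, which is the crash the thread describes. */
static const char *icmp6_type_name_unchecked(int type)
{
    return icmp6_names[type];
}

/* Hardened lookup: every type outside the table maps to one fixed string. */
const char *icmp6_type_name(int type)
{
    if (type < 0 || (size_t)type >= ICMP6_NAME_COUNT)
        return "Unknown";
    return icmp6_names[type];
}

/* Constructed reply record; psize is the payload length reported by the
 * receive path (named after the preply.psize field quoted in the thread). */
struct ping_reply {
    int type;
    int psize;
    char payload[64];
};

/* Returns 0 when the reply is usable, -1 when it must be discarded.
 * Negative or oversized lengths and unknown types are rejected before use. */
int validate_reply(const struct ping_reply *r)
{
    if (r->psize < 0 || (size_t)r->psize > sizeof r->payload)
        return -1;
    if (strcmp(icmp6_type_name(r->type), "Unknown") == 0)
        return -1;
    return 0;
}

int main(void)
{
    struct ping_reply ok = { 3, 8, "abcdefgh" };
    struct ping_reply bad_size = { 3, -1, "" };
    struct ping_reply bad_type = { 200, 8, "" };
    printf("%s -> %d\n", icmp6_type_name(ok.type), validate_reply(&ok));
    printf("negative psize -> %d\n", validate_reply(&bad_size));
    printf("type 200 -> %d\n", validate_reply(&bad_type));
    (void)icmp6_type_name_unchecked; /* never called with untrusted input */
    return 0;
}
```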
